Active sync with Active Directory.  activeSync.password

Similar Messages

• Use of active directory userid/password authentication instead of SAP R/3 User/Password for digital signature?

  Dear all,
  I am looking to setup the use of active directory userid/password authentication instead of SAP R/3 User/Password for digital signature. We SSO to the backened ABAP AS via an SAP NW Portal to which SPNEgo kerberos authentication is setup. Today we specify R3 user id/password to digitally approvae a lot release. The idea is to have users maintain one AD password and don't have to remember the R/3 password anymore and also our Security team to avoid password maintenance.
  I know there are 3 options for digital signature and
  System signature with authorization by user ID and password (We use this currently)
  Digital User signature with verification - (We would like to use this with AD userid/password, so the system still ask the users their AD userid/password for the authentication when they try to "sign" a document.)
  User signature without verification
  Do you think there is a way to configure the system in order to ask and check the active directory userid/password instead of SAP R/3 password? Where can I found documentation about it ?
  I have several different versions of AS ABAP starting from NW 7.02 to NW 7.31.
  My active directory is based on Windows 2008.
  Thanks in advance!!
  Dhee

  Actually enabling Kerberos for SSO purposes and enabling Kerberos for digital signatures are two different topics although the latter is because of the former. I'm interested in the topic as well and I'm currently looking at different options. SAP provides a BAdI for the digital signature API which can be used for external authentication but they do not provide the solution to invoke Kerberos authentication based on username and password. SAP provides a semi solution with NWSSO 2.0 SP2 which works only on Windows with classic dynpros meaning SAP GUI for Windows is assumed. The solution is based on an ActiveX component which does the actual Kerberos authentication using the Secure Login Client which is part of the NWSSO suite. Extending that implementation to non-Windows and non-GUI applications would require some sort of web enabled service that could be used to authenticate the user with username and password. In case authentication is successful, a Kerberos token would be returned to SAP which would then be validated. All the required pieces are there since SAP has Kerberos support now in both stacks of the NetWeaver Application Server, some bits are still missing though which leaves customers looking at 3rd party or custom solutions.

• Active Directory user passwords on mobile account with File Vault

  Hi all,
  I enabled file vault when I moved to my MacBook Pro. I joined the computer to the domain (after enabling file vault), and logged in with my domain account, creating a managed, mobile account so that I could use the computer when not connected to the domain.
  Active Directory has forced a change in my password for the domain account but I cannot get the password on the Mac to change the password and sync with the domain.
  My account (the one with the changed network password) on the Mac is a standard user account. When I open system preferences, go to Security & Preferences, General, click on the lock to unlock and allow change and then click Change Password  ..., I receive the following error message after going through the steps to change the password:
  The password for the account "user" was not changed. There was a problem with your password. It's possible your system administrator doesn't allow you to change your password. Contact your system administrator for help.
  For Old Password, I used the old network password, the one that I use to log into the Mac. For New Password, I used my new, current password.
  The same result happens when I attempt to change the password from the Users & Groups section of the System Preferences.
  I have logged out and logged in with the user account that is identified as the admin and get a similar (same ?) error when attempting to change the password.
  Any suggestions? How do I get the passwords to be one so that I can forget the old password?

  Thanks for your insights.
  The Tech Tool report happened after AppleJack, and never showed up before that. Restarting again just now, it showed up again.
  I had not emptied the trash, but did now, and the 'get info' on my hard drive still shows that I have used nearly all of my 160 GB.
  Re Disk Warrior: I do have it and just ran it. I emptied trash again and checked to see available disk space: I have 2.47 GB, so the problem still exists.
  Here is the disk warrior report for the first part of its tests:
  DiskWarrior has successfully built a new optimized directory for the disk named "Hildegarde." The new directory is
  ready to replace the original directory.
  There is not enough contiguous free space for a fail-safe replacement of the directory. It is highly recommended that
  you create 204 MB of contiguous free space before replacing the original directory.
  All file and folder data was easily located.
  Comparison of the original and replacement directories indicates that there will be changes to the number, the
  contents and/or the attributes of the files and folders. It is recommended that you preview the replacement
  directory and examine the items listed below. All files and folders were compared and a total of 14,627,488
  comparison tests were performed.
  • Errors, if any, in the directory structure such as tree depth, header node, map nodes, node size, node counts, node
  links, indexes and more have been repaired.
  • 1 folder had a directory entry with an incorrect custom icon flag that was repaired.
  Disk Information:
  Files: 552,652
  Folders: 131,014
  Free Space: 2.47 GB
  Format: Mac OS Extended
  Block Size: 4 K
  Disk Sectors: 321,410,736
  Media: HDT722516DLAT80
  Time: 11/28/08 6:54:19 PM
  DiskWarrior Version: 4.1

• Active Directory & Keychain Password Sync

  We've been introducing some Macs into our Active Directory environment and I'm a little confused about how best to handle the local Keychain password.  We're joining systems to the domain so that users can use their network password to login to their Macs (accounts are setup as Admin, Managed, Mobile) and so far that is working great.
  It's my understanding that the password on the default login keychain is set automatically when the user account is created, so it would match the password the user first used to login to the Mac.  However, we have a password expiration policy here, so users are changing their passwords at least every 3 months. As I understand it, by default the login keychain password is static, so I'm concerned that users are going to either forget the keychain password, or assume it is the same as their network password, and be unable to unlock the keychain should they even be prompted.
  I've tried enabling the "synchronize login keychain password with account" setting in Keychain Access, but this causes another issue.  When the user changes their network password, the next time they login to the Mac they receive a Keychain prompt asking them to enter their old keychain password in order to keep the keychain pass in sync.
  Is there any way to keep the keychain password synchronized to a user's AD account password without prompting them at all?  Or is their an accepted "best practice" regarding the keychain in active directory?
  Thanks

  I've also written a blog post about this Topic:
  http://sccmfaq.wordpress.com/2014/01/23/azure-directory-sync-initial-configuration/
  www.sccmfaq.ch

• Mac OS X 10.5 Clients - Active Directory Login - Password Policy

  Hi,
  I wonder if anyone can help me or give me some pointers.
  I have a client who has a number of Mac OS X 10.5 Leopard clients who sign-in and authenticate with a Window's Active Directory server which has a password policy to prompt users to change their login password every 30 days.
  Today is the day they are required to change their login password and they do get message that says something like "0 days to change your password" but are not getting the subsequent dialogue box that allows them to change their password.
  Any ideas?

  OOPs, missed which one we were talking about, sorry.
  Does it boot to Single User Mode, CMD+s keys at bootup, if so try...
  /sbin/fsck -fy
  Repeat until it shows no errors fixed.
  (Space between fsck AND -fy important).
  Resolve startup issues and perform disk maintenance with Disk Utility and fsck...
  http://docs.info.apple.com/article.html?artnum=106214

• Syncing with Exchange via activesync drains battery

  Got a new iphone and the battery life on it was OK for weeks. Then I set it up to sync mail on an Exchange 2003 server via activesync. After this was enabled the battery life went down to about 5 hours. AT&T even replaced the phone, but nothing changed. The mailbox has a fairly detailed calendar, maybe 5,000 contacts but little mail activity. And if I disable the sync on the phone then the battery life goes back to normal. There seems to be nothing wrong with the mailbox itself and a BBerry can be setup for that mailbox through BES as well and it behaves. Is it possible that the phone is "checking" the mailbox too often? Thanks for any help.

  Hi,
  If you haven't already, update the iPhone to the latest software available(currently 2.2.1).
  http://www.apple.com/iphone/softwareupdate/
  You can also try restarting the iPhone by holding the Sleep/Wake button until the red slider appears> then slide to turn off> and turn the iPhone back on by pressing the Sleep/Wake again, as described on page 34 of the iPhone User Guide.
  http://manuals.info.apple.com/en/iPhoneUserGuide.pdf
  If you see the same issue with Windows Mobile devices connected to the Exchange server, you may need to install this exchange hotfix: http://support.microsoft.com/kb/922475/
  -Jason

• Samsung S4 not syncing with Microsoft Exchange ActiveSync

  I've had my Samsung S4 for several months and everything worked w/o issue until 12/13/2013 when Verizon did a software update "update_SCH-1545_MJ7_to_MK2". 
  Prior to this update, my phone was synced to my work account without any issues. For several years before that, I had other phones synced as well, all without issue. Since this update, all of my contacts/tasks/calendar work just fine.
  The problem is with the email, I cannot get email to sync past 12/10/2013. The phone syncs up and loads emails dating back to 2007, but it will not give me any email past 12/10/2013. I've tried uninstalling/reinstalling, changing push to every 5 minutes,
  resetting the phone. Nothing works. 
  I've spoken with our IT department, they can't figure it out. They referred me to Verizon. I've taken it to Verizon, no one there seems to have a clue. I even asked them to revert my phone to the prior software version, but they claim it's not possible. 
  One of the main issues I believe is the inability of the new software to allow me to access the port #'s being used. I recall the prior version of software to allow me to change these, the new version does not allow or even show what port it's using. 
  Any help would be greatly appreciated.
  I believe we are running Windows XP, unsure of the version of Outlook. We are a small city government, so newer software (2007/2010/2013) is highly unlikely anytime soon. 
  TMMR03

  It looks like Sean Greenlee's response was spot on. My IT guy found an article on removing the phone partnership.
  Per him, "You can use the remote wipe command to delete
  a mobile device partnership from the Exchange server. This action, which is primarily useful for "housekeeping" purposes, will delete from the Exchange server all states that are associated with a specified device. If a user tries to connect a mobile device
  to the Exchange server after the partnership between the mobile device and the Exchange server has been deleted, the mobile device user will be forced to re-establish the partnership with the Exchange server." 
  He completed the remote wipe today, I removed my account, re-started the phone and re-installed the account and everything seems to be working.
  Best of luck.
  TMMR03
   

• Resetting ActiveSync Adapter for Active Directory

  I would like my Active Directory ActiveSync adapter to detect change made only after it is initially started and to disregard any changes prior to that time. The ActiveSync setup appears to allow this by checking the box labeled "When reset, ignore past changes".
  That doesn't appear to be happening, however. Whenever the adapter is started and stopped, it still goes back and appears to search through modifications made well before the adapter was started.
  The help item for that checkbox has this little bit of advice: "To reset the adapter, edit the XmlData object SYNC_resourceName to remove the MapEntry for the desired synchronization process, e.g. ActiveSync.", but doing that has made no difference at all.
  What is the trick to completely resetting the AD ActiveSync adapter and getting it recognize only changes made from the point in time at which it was started?

  steps.
  Restart your server with the active sync in Manual mode, and then check the box "When reset, ignore past changes" and also delete the IAPI_Resource_name.
  now start the active sync, and change the manual mode if required / as well remove the reset check box.
  This is what i did when i faced with the same issue. and it worked for me.

• Can you authenticate user/password from SAP to Active Directory

  I don't want to implement SSO for ABAP because my company doesn't have the license for  "SAP NW Single Sign-On"; but we would like to authenticate our users and their passwords to active directory.  Our goal is to make sure the user/password in SAP is the same as their Active Directory user/password.  Is this possible?
  Thanks!

  This has been discussed many times, for example see SSO with LAN UserID/Password. The short answer is no, you can't synchronize passwords. You can however achieve the requirement assuming you are using Identity Management to provision users and passwords to all systems (AD, SAP, etc). In that case you will have to deal with users changing their password. Recommendation is to enable SSO. If you don't want to get licenses for NWSSO, try to look at other options (X.509 certificates, SPNEGO in AS JAVA and then issue a Logon Ticket, 3rd party solution, etc).

• Active directory, SSGD and password change

  Hi everybody, we have some problems with SSGD, active directory and password change
  Scenario:
  We have 2 different perfectly working Active directory called "Gruppo" and "Eracle";
  We have 2 different tarantella installations called "Sgd" and "Tlv";
  Sgd servers are working servers and users authenticate against Eracle, used by our customer.
  We made 2 basic different test with Tlv:
  1. we configure Tlv to authenticate users against Gruppo (that is our real need)---> we can't change pasword using kpasswd or ttakpasswd
  2. we configure Tlv to authenticate users against Eracle ---> everything was ok
  There are NO DIFFERENCE beetween Sgd and Tlv, they have same configuration, same krb5.conf etc..
  There is ONE DIFFERENCE beetween Eracle and Gruppo:
  Eracle Active Directory's properties:
  Domain functional level: Windows 2000 mixed
  Forest functional level: Windows 2000
  Gruppo Active Directory's properties:
  Domain functional level: Windows 2000 native
  Forest functional level: Windows 2000
  SSGD documentation doesn't speak about different Active Directory properties. The SSGD documentation says that you can authenticate users against Active directory, so, IT HAS TO WORK even if the domain functional level of active directory is different.
  Can someone help us^Hi Simon
  I'll try again to explain you our problem, because it seems that I wasn't so clear.
  Scenario:
  We have 2 different perfectly working Active directory called "Gruppo" and "Eracle";
  We have 2 different tarantella installations called "Sgd" and "Tlv";
  Sgd servers are working servers and users authenticate against Eracle, used by our customer.
  We made 2 basic different test with Tlv:
  1. we configure Tlv to authenticate users against Gruppo (that is our real need)---> we can't change pasword using kpasswd or ttakpasswd
  2. we configure Tlv to authenticate users against Eracle ---> everything was ok
  There are NO DIFFERENCE beetween Sgd and Tlv, they have same configuration, same krb5.conf etc..
  There is ONE DIFFERENCE beetween Eracle and Gruppo:
  Eracle Active Directory's properties:
  Domain functional level: Windows 2000 mixed
  Forest functional level: Windows 2000
  Gruppo Active Directory's properties:
  Domain functional level: Windows 2000 native
  Forest functional level: Windows 2000
  SSGD documentation doesn't speak about different Active Directory properties. The SSGD documentation says that you can authenticate users against Active directory, so, IT HAS TO WORK even if the domain functional level of active directory is different.
  Can someone help us?
  Many thank
  Patrizia

  Added question.
  Do you guys know if changing the password will change the password on their Active directory access.
  Thanks,
  helmut

• Configuring Active Directory user to Authenticate against OSB proxy service

  Hi,
  I applied the oracle Predefined auth.xml WS-policy to the osb proxy service and that will query a web service that is running on separate weblogic server, and I configured ActiveDirectory as an Authentication Provider in the weblogic server under myrealm. when I pass the weblogic/weblogic which is an admin account in the OSB test console or soap ui to test the authentication works and I get the response back but when I pass in one of the Active directory username/password I'm getting the following Failed to assert identity with UsernameToken SOAP fault.
  Do I have to change or add any configuration In the weblogic server to make this work? such as Identity Assertion provider in the weblogic server.
  fault: <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
  <con:errorCode>BEA-386201</con:errorCode>
  <con:reason>
  A web service security fault occurred[{http://www.w3.org/2003/05/soap-envelope}Sender][Failed to assert identity with UsernameToken.]
  </con:reason>
  <con:details>
  <err:WebServiceSecurityFault xmlns:err="http://www.bea.com/wli/sb/errors">
  <err:faultcode xmlns:soap="http://www.w3.org/2003/05/soap-envelope">soap:Sender</err:faultcode>
  <err:faultstring>
  Failed to assert identity with UsernameToken.
  </err:faultstring>
  </err:WebServiceSecurityFault>
  </con:details>
  <con:location>
  <con:path>request-pipeline</con:path>
  </con:location>
  </con:fault>
  Regards
  Vick

  Hi Manoj
  I have configured the weblogic server to use the Active Directory Authentication provider which is supported in weblogic server and I can see the AD users under weblogic console under users and groups tab, but if I pass in the username/password of the users in AD I'm getting the above error.
  thanks
  Vick

• Snow Leopard and Windows 2003 Active Directory Binding Issues

  Ok I have a new imac 27" with snow leopard (completely patched).
  I am attempting to join it to an active directory domain.
  First the prequel:
  * I have opened full traffic to and from the machine and our domain controllers
  * I have enabled full logging on the firewall and there are no blocked packets
  * I have used wireshark to watch the traffic on the mac and there appear to be no anomalies (packets being sent out but not getting a response, dns requests that aren't answered, etc)
  * I have enabled full KDC logging on the domain controller in question and there are no errors in any of the event logs on either domain controller.
  * The domain admin account in question has Enterprise, Schema and Domain Admin rights
  * I have tried it both with and without an existing computer account and with every conceivable combination of caps and no caps on domain name, user and computer names.
  I am getting the following error at the very end of the process:
  "Unable to add server. Credential operation failed because an invalid parameter was provided (5102)"
  I enabled debugging on Directory Services and will post a log in a reply.
  Anyone have any ideas? I have been banging my head on this for a week with no luck.

  Here is the log with the Active Directory: entries grepped... the full log is far too large to reply to here, if you think you need it let me know and I can email it to you it is 548kb
  obviously machine names, usernames and ip addresses have been munged.
  2011-02-09 12:13:32 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
  2011-02-09 12:13:36 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
  2011-02-09 12:13:41 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
  2011-02-09 12:13:46 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 1 - Searching for Forest/Domain information
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: DomainConfiguration reachabilityNotification - Node: subdomain.domain.tld - resolves - enabled
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 2 - Finding nearest Domain controllers
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 3 - Verifying credentials
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: DomainConfiguration reachabilityNotification - Node: subdomain.domain.tld - resolves - enabled
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: FindSuitableReplica - Node subdomain.domain.tld - Attempting Replica connect to dc3.subdomain.domain.tld.
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: CheckWithSelect - good socket to host dc3.subdomain.domain.tld. from poll and verified LDAP
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: FindSuitableReplica - Node subdomain.domain.tld - Established connection to dc3.subdomain.domain.tld.
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:vyvyIt4
  2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:vyvyIt4
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:vyvyIt4 user [email protected]
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Processing Site Search with found IP
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: No site name available
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating Mappings from inSchema.........
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updated schema for node name subdomain.domain.tld
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Configuration naming context = cn=Partitions,CN=Configuration,DC=subdomain,DC=domain,DC=tld
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Top domain set as <cn=subdomain,cn=partitions,cn=configuration,dc=subdomain,dc=domain,dc=tld>
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating domain hierarchy cache
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating policies from domain subdomain.domain.tld
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updated policies for node name subdomain.domain.tld
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 4 - Searching for existing computer
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
  2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:zXpbfEi
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:zXpbfEi
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:zXpbfEi user [email protected]
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing Computer search for Ethernet address - 10:9a:dd:56:1b:1d
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 4 - no mapping for Ethernet MAC address
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing DN search for account - machinename
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:vyvyIt4 user [email protected]
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:vyvyIt4 user [email protected]
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Closing All Connections
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:zXpbfEi user [email protected]
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:zXpbfEi user [email protected]
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 5 - Bind/Join computer to domain
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:10xG6op
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:10xG6op
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:10xG6op user [email protected]
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Looking for existing Record of machinename
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing DN search for account - machinename
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:10xG6op
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:10xG6op user [email protected]
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: KerberosID Found for account CN=MACHINENAME,CN=Computers,DC=subdomain,DC=domain,DC=tld - MACHINENAME$
  2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Existing record found @ CN=MACHINENAME,CN=Computers,DC=subdomain,DC=domain,DC=tld with [email protected].
  2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Setting Computer Password FAILED for existing record......
  2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Computer password change date is 2011-02-04 18:21:01 -0500
  2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Schtldled computer password change every 1209600 seconds - starting 2011-02-09 12:13:50 -0500
  2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Closing All Connections
  2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
  2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:10xG6op user [email protected]
  2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
  2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:10xG6op user [email protected]
  2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:10xG6op user [email protected]
  2011-02-09 12:13:50 EST - T\[0x00000001026AA000\] - Active Directory: Failed to changed computer password in Active Directory domain
  2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: copyNodeInfo called for /Active Directory
  2011-02-09 12:13:51 EST - T\[0x0000000102481000\] - Active Directory: copyNodeInfo called for /Active Directory
  Message was edited by: aelana

• Got a new iPad and set up to sync with iCloud and now asking for password which I never set. How do I get on device if I don't know what it thinks password is?

  Help.  I just got a new iPad 2 and set up sync with iCloud and no password.  Now asking for a password and I never set one up.  What password does it want: iTunes, iPhone (no real password there either).  Tried as many passwords as I could think with the iPad locking me out since I don't have the password!  Would like to use the iPad but can't get on to try it.
  Thanks.
  Desparate

  So I guess it will only be new apps that I download that are allowed to give me their updates while 13 updates wait for me on an ID I can no longer access.
  Yes...  sorry.
  In the future, if need be, you can re download your purchases for free  >  Downloading past purchases from the App Store, iBookstore, and iTunes Store
  Good rule of thumb is to back up your purchases regardless  >  Mac App Store: Backing up your app purchases

• I can no longer sync with Google Contacts

  I have been using google for 2 years and from the beginning have synced iPhone contacts with my google account.  I just discovered that the synch stopped working.  Initially, I thought it was due to changing google password.  I tried to update iTunes sync with my current google password under the info menu.  But it won't accept the change. Every time I enter my credentials and click enter, the window reopens prompting to re-enter the credentials.  It is like an endless loop.  Why won't it accept the credentials?  I know for absolute certain that I am entering the correct credentials because I use my google account all day for work on my PC, other PC's, and my phone.
  I tried a phone reset with no luck.  I assume the problem is in iTunes because that is where the contact synch is configured.

  Are you trying to set up your Gmail account as an Exchange account? If so, you need to know that Google no longer supports that service for free Gmail accounts. See this article for how to sync your contacts:
  http://www.mactrast.com/2012/12/how-to-setup-google-email-contacts-calendar/
  If it's a question of unlocking the account for that device, try this page:
  https://accounts.google.com/DisplayUnlockCaptcha
  Best of luck.

• MacBook Pro won't sync with iCloud, although iPhone and iPad are fine.

  My MacBook Pro keeps telling me it can't sync with iCloud because my password may be incorrect. I keep re-entering the correct password, but this keeps on happening. iCloud seems to be working fine with iPhone and iPad.  Also, there are 2 iCloud accounts showing on my MacBook, but if I try to delete one, it seems to delete both.

  Your signature says you have 10.3.x but presumably this can't be correct - could you please make sure it's correct to prevent confusion. 10.7.2 is required for iCloud - your Mac won't be able to sync with pre-Lion systems.
  The fact that you have iCloud accounts showing does suggest you have Lion: are they showing in System Preferences>iCloud, or where? You can only enter one there.
  Are the two different or the same? You could try deleting both and then starting the setup again from scratch.